New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GAQM CPEH-001 Exam - Topic 7 Question 42 Discussion

Actual exam question for GAQM's CPEH-001 exam
Question #: 42
Topic #: 7
[All CPEH-001 Questions]

After studying the following log entries, how many user IDs can you identify that the attacker has tampered with?

1. mkdir -p /etc/X11/applnk/Internet/.etc

2. mkdir -p /etc/X11/applnk/Internet/.etcpasswd

3. touch -acmr /etc/passwd /etc/X11/applnk/Internet/.etcpasswd

4. touch -acmr /etc /etc/X11/applnk/Internet/.etc

5. passwd nobody -d

6. /usr/sbin/adduser dns -d/bin -u 0 -g 0 -s/bin/bash

7. passwd dns -d

8. touch -acmr /etc/X11/applnk/Internet/.etcpasswd /etc/passwd

9. touch -acmr /etc/X11/applnk/Internet/.etc /etc

Show Suggested Answer Hide Answer
Suggested Answer: C

Passwd is the command used to modify a user password and it has been used together with the usernames nobody and dns.


by Tammara at May 09, 2022, 09:07 AM

Limited Time Offer

25%

Off

Get Premium CPEH-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Levi
4 months ago
I think it's just 'nobody' and 'dns' for sure.
upvoted 0 times
...
Dana
4 months ago
'acmr' is also mentioned, but not sure if it's tampered.
upvoted 0 times
...
Tasia
4 months ago
Wait, are we sure about 'IUSR_'? Seems sketchy.
upvoted 0 times
...
Claudia
4 months ago
Totally agree, those are the obvious ones!
upvoted 0 times
...
Thurman
5 months ago
Looks like the attacker messed with 'nobody' and 'dns'.
upvoted 0 times
...
Jesusa
5 months ago
I'm a bit confused about the entries. The "passwd" commands seem suspicious, but I can't recall if they indicate tampering directly.
upvoted 0 times
...
Domonique
5 months ago
I remember a practice question where we had to identify user IDs too. I feel like "nobody" and "dns" are definitely involved here.
upvoted 0 times
...
Meaghan
5 months ago
I think the attacker tampered with the user IDs "nobody" and "dns," but I'm not entirely sure about "IUSR_."
upvoted 0 times
...
Lea
5 months ago
I think "nobody" and "dns" are the right answers, but I wonder if "IUSR_" could be a trick option.
upvoted 0 times
...
Yen
5 months ago
I'm a little confused by the wording of the question. Is it asking about the overall category these security measures fall under? I'll need to re-read the options carefully.
upvoted 0 times
...
Queen
5 months ago
This is a good test of my understanding of BPEL. I'm feeling confident I can work through the possible statements and identify the one that is true.
upvoted 0 times
...
Kerrie
5 months ago
Hmm, I'm a bit confused by the options. I'm not sure if the Cisco FastLocate technology or the device Bluetooth via the app would be better solutions. I'll need to review the details more carefully.
upvoted 0 times
...
Armando
5 months ago
I think I've got a solid strategy here. I'll carefully consider each option and try to identify the 3 that are targeting the OS.
upvoted 0 times
...
Claudia
5 months ago
Hmm, I'm a bit unsure about this one. Is a workflow the only way to send an email notification on a process completion? I'm wondering if an action step or a Power Automate flow step could also work. I'll need to think this through carefully.
upvoted 0 times
...
Stephane
5 months ago
This seems straightforward to me. Since Dale had to give the $1,000 to her employer, it should just be deducted from her taxable income. I'm going with C.
upvoted 0 times
...

Save Cancel